SSO (Single Sign-On) Configuration and Use

Source:

Published:

Keywords: SSO, Single Sign-On, Admin SSO, Attendee SSO, Check-In App SSO, form SSO mappings, IDP fields, Single Sign-On Module

Document ID: platform-support_certain_com_hc_en-us_articles_30685253237015-SSO-Single-Sign-On-Configuration-and-Use

This topic is an overview of how to configure and use an SSO ("Single Sign-On") in Certain.

Certain can create SSO connections for you – please ask your Customer Success Manager for details.

An Administrator can then enable an SSO for an account or sub-account.

An Event Builder can then use it in an event.

SSOs can include Social Logins (LinkedIn, Facebook, Microsoft, or Google+) and Corporate SSO.

There are three types of SSO:

ADMIN SSO

ADMIN SSO is for Certain users logging in to the Certain app.

If Certain has configured an "ADMIN" SSO for your system (on Account Settings > Management > Single Sign-On), then users of the Certain platform who have signed in to your corporate system do not have to enter another username and password to access Certain. They do still need to have a matching User record in Certain.

Note: Only one ADMIN SSO can be activated for a system at any one time.

Attendee SSO

Attendee SSO is used for attendees logging in to registration forms or the Mobile web app, for speakers logging in to a Speaker Portal, and for reviewers logging in to a Reviewer Portal.

System: Certain creates and sets up one or more "ATTENDEE" SSOs for your system. ("System Master" users only.)

Account: Enable SSO(s). An Administrator enables those "ATTENDEE" SSOs for each account and sub-account in which they will be used. (Note: For an SSO to be available in a sub-account, it must first be enabled in the parent account.)

Account: Configure SSO field mappings. An Administrator maps IDP fields to Certain Fields.

Note: In a sub-account, you need to map these fields independently of the parent account, because the mappings are not "inherited" from the parent account.

Account: Customize SSO button. (Optional) An Administrator can customize the appearance of the SSO button(s) for each SSO connection to be used on Forms, Mobile, the Speaker Portal, and the Reviewer Portal.

Event: An Administrator enables the Single Sign-On module for the event. In the event, go to Plan > Configure > Options, and select the Single Sign-On Module under Functional Areas to be enabled for this event.

Event: An Administrator configures the SSO for an event. In the event, go to Plan > Configure > Single Sign-On, and select the Enabled check box for the SSO(s) to be available for use in the event. That makes them available to the event's forms, its Mobile web app, its Speaker Portal, and its Reviewer Portal.

Note: You don't "edit" an SSO; you just select its check box in the list of SSOs.

In Forms

Form: An Event Builder selects the SSO(s) to be available on a form. In the event, go to Plan > Forms > Entry to edit the Entry section for the form, and select the SSO(s) to be used. (The list available is of those enabled in step 6, above.)

Attendees: When an attendee is registering on that form, they can click a button on the entry page to pre-populate their details.

Attendees: Once an attendee has registered using an SSO, they can log back in using the same SSO, or their Username and Password, but not using a different SSO.

Note: An attendee who registered without using an SSO connection cannot log back in to their registration using one; they can only log in using their Username and Password.

For a Certain Mobile HTML5 Web App

For attendees logging in to a Certain Mobile web app. These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

Mobile: An Event Builder selects the SSO(s) to be available on the page of the Mobile web app. In the event, go to Engage > Mobile > Content to edit the page, and select the SSO(s) to be used.

Attendees: When an attendee is logging in to the Certain Mobile web app, if they registered using an SSO (see "In Forms", above) they can click the same button on the page (for example, LinkedIn) to log in to Mobile using those credentials. Note: An attendee who registered without using an SSO connection cannot log in to the Mobile web app using one; they can only log in using their Username and Password.

For a Speaker Portal

Available only if these options are enabled for the event (in Plan > Configure > Options):

These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

Speaker Portal: An Event Builder selects the SSO(s) to be available on the page of the Speaker Portal. In the event, go to Manage > Speakers and Sessions > Speaker Portal to edit the page, and select the SSO(s) to be used.

Speakers: When a speaker first registers in the Speaker Portal, they can click a button on the page (for example, LinkedIn) to pre-populate their details using those credentials.

Speakers: Once a speaker has registered using an SSO, they can log in to the Speaker Portal using the same SSO, or their Username and Password, but not a different SSO.

Example: If the Speaker Portal offered the choice of LinkedIn and Facebook, and they used LinkedIn to register, they could not use Facebook to log in.

Note: A speaker who registered without using an SSO connection cannot log in using one; they can only log in using their Username and Password.

For a Reviewer Portal

Available only if these options are enabled for the event (in Plan > Configure > Options):

These are the remaining steps after 1–6 above. (See especially step 4, about customizing the SSO button.)

Reviewer Portal: An Event Builder selects the SSO(s) to be available on the page of the Reviewer Portal. In the event, go to Manage > Speakers and Sessions > Reviewer Portal to edit the page, and select the SSO(s) to be used.

Reviewers: When a reviewer goes to the Reviewer Portal they can click a button on the Login page (for example, LinkedIn) to pre-populate their details using those credentials.

Reviewers: Once a reviewer has registered using an SSO, they can log in to the Reviewer Portal using the same SSO, or their Username and Password, but not a different SSO.

Note: A reviewer who registered without using an SSO connection cannot log in using one; they can only log in using their Username and Password.

"Check-In App" SSO

For Certain users logging in to the Certain Check-In app.

If Certain has configured a "CHECK-IN APP" SSO for your system, Check-In users can log in with their SSO credentials instead of their Certain username and password. They do still need to have a User record in Certain.

The workflow is simple:

System: Certain sets up a "CHECK-IN APP" SSO for your system. (Certain System Master users only.)

Account or Sub-Account: No configuration is required in an account or sub-account.

If a "CHECK-IN APP" SSO is enabled for a system, it is automatically enabled for all accounts / sub-accounts.

Event: No configuration is required at the event level: Nothing in Event > Configure > Single Sign-On; Nothing in Event > Engage > Check-In.

Check-In Users: When a Certain user logs in to Certain Check-In on their mobile device, they can click the gear icon on the page to select the SSO and use those credentials to log in. They can now use the app to check attendees in at an event, just as if they had logged in with their Certain username and password.

Note: Only one CHECK-IN APP SSO can be activated for a system at any one time.

// End of article content (navigation and footers omitted)